Help
FortiWeb
A FortiWeb can be configured to join a Security Fabric through the root or downstream FortiGate.
tnazarov
Staff
Staff

Created on ‎09-17-2024 07:31 AM

Article Id 341920

Technical Tip: Restrict Access to the /owa URL from a Specific Country

Description This article describes how to allow access to Outlook Web Access (OWA) from a Single Country
Scope

Fortiweb 7.0.0 and later.
Solution

To achieve this, configure a custom rule and policy by following the steps below:

  1. Navigate to Web Protection -> Advanced Protection -> Custom Policy -> Custom Rule.
  2. In the 'Custom Policy' configuration, set the rule with the 'Alert & Deny' action.
  3. Add two filters:
    • One filter to match the URL '/owa'.
    • Another filter to match or exclusively match the 'GEO IP' setting, ensuring IPs from other countries are blocked from accessing the URL.

customrulekbs.png

 

Explanation:

  • ^ – Anchors the match to the start of the string (ensures the URL path starts with /owa).
  • /owa – Matches the literal /owa part of the URL.
  • (/.*)? – This part is optional, matching any additional path after /owa (for example /owa/somefile, /owa/login, etc.), but it can also match just /owa.
  • $ – Anchors the match to the end of the string, ensuring that it matches the entire URL.

This regex will match URLs like /owa, /owa/, /owa/login, etc., effectively blocking requests to the /owa path and any subpaths.

 

After configuring the custom rule, proceed with the following:

  • Create the custom policy.
  • Add the custom policy to the web protection profile.

 

custompolicykbs.png
670
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.